[CentOS] Centos Firewall - router with virtual IP

Fri Nov 4 00:43:42 UTC 2011
Fajar Priyanto <fajarpri at arinet.org>

On Fri, Nov 4, 2011 at 6:59 AM, John R Pierce <pierce at hogranch.com> wrote:
> On 11/02/11 7:34 PM, Fajar Priyanto wrote:
>> I'm creating a firewall router with CentOS with a few virtual IPs using iptables.
>>
>> May I ask for your experience?
>> Is there any pitfall or bad side of using virtual IPs for this purpose?
>> I'm using a few virtual IPs to accommodate a few subnets that go through
>> this firewall/router.
>
> now, when you say 'virtual IP', do you mean alias IPs on your WAN
> (outside) interface(s), or multiple private subnets on the LAN (inside)
> interface(s) ?   none of those are 'virtual' in any sense I'd use that
> adjective.

Hi John, thanks for asking.
My firewall setup is like this:
Physical NIC:
eth0 - to outside world
eth1 - to LAN
There is masquerading on eth0 so the LAN can go to the internet.

Now, I'm adding some virtual interfaces eth1:0, eth1:1... and so on to
accommodate new subnets created in the LAN.

My concern comes from the question... how is the MAC addressing
handled (by the switches and the OS)? Because wouldn't eth1:0, etc. be
sharing the same MAC address as eth1? Will there be any problem or
confusion in the network?